Introduction


• On-chip debug interfaces (such as JTAG) are a well-known hardware attack vector
— Extract program code or data 
— Modify memory contents 
— Affect device operation on-the-fly 
— Provide chip-level control of a target device 
— Used as a stepping stone to further an attack 


• Identifying interfaces can sometimes be difficult and/or time consuming


Goal 


• Create an easy-to-use, open source tool to simplify the process


Design Specifications 


• Open source/hackable/expandable
• Command-based interface
• Input protection
• Adjustable target voltage
• Off-the-shelf components
• Hand solderable
Demonstration


Possible Limitations 


• No supported interface exists
• Interface is physically disconnected
— Cut traces, missing jumpers/0 ohm resistors
• Interface isn't being properly enabled
— Password protected, other pin settings needed
• Signaling mismatch
— Incorrect voltage levels, strong pull resistors on target
• Abnormal target behavior due to fuzzing unknown pins

Additional reverse engineering will be necessary


Resources 


• www.jtagulator.com
— Schematics, source code, BOM, block diagram, Gerber plots, photos, videos, other documentation

• www.parallax.com
— Assembled units, accessories
— Worldwide authorized distributors

• http://oshpark.com/profiles/joegrand
— Bare boards


